Report: Egypt Shut Down Net With Big Switch, Not Phone Calls

The Egyptian government shut down most of its country's internet not by phoning ISPs one at a time, but by simply throwing a switch in a crucial data center in Cairo.

That according to a February presentation to the Department of Homeland Security's Infosec Technology Transition Council, obtained by Wired.com.

The presentation -- made by Bill Woodcock, research director of the Packet Clearing House -- argues that the Egyptian Communications Ministry acted quite responsibly in the procedure it used to cut ties from the net, after the shutdown was ordered by Egypt's much-feared intelligence service.

"Most of the outage was effected through a breaker flipped in the Ramses exchange, and the rest was phone calls and arm-twisting," the presentation says. 'Ramses exchange' refers to a central building in Cairo where Egyptian ISPs meet to trade traffic and connect outside of the country, a facility known as an Internet Exchange Point.

The report's timeline also contradicts many observers' guesses that a smaller internet provider called Noor escaped the initial shutdown because it provided connectivity to Egypt's stock market and several government agencies. According to the presentation, Noor seems to have been hunted down by the intelligence service, just like many other small Egyptian ISPs.

Woodcock, an expert on internet security and infrastructure -- especially connection hubs in developing countries -- did not immediately respond to a request for comment on the document. confirmed the document's veracity, but pointed out that the facts remain scant. What he does know is that his company's monitoring equipment was shut off, as was equipment from other companies; that the intelligence service did call some ISPs; and that the shutdown didn't involve manipulation of BGP, a routing protocol, as many had originally assumed.

Most media, including Wired.com, reported that government officials contacted individual ISPs and told them to shut down their networks, under threat of losing their communications licenses.

But the document (embedded below) contradicts that narrative, providing new details on the outage -- largely laying the blame on Egypt's internal security service, while describing the "flip-the-switch" shutdown as a "politically liberal" choice by the Egyptian communications ministry.

That's because turning off the internet at the center exchange made it very easy to switch it back on, prevented surveillance, made it clear to everyone what had happened, and prevented spyware from being placed on the networks.

Compare that to Tunisia, where Facebook login pages were manipulated -- presumably by the government -- to grab the passwords of Tunisian activists in order to delete their accounts and protest pages.

The presentation suggests the weeklong shutdown had severe effects on Egypt's economy, in the short term from loss of commerce, and in the long term from a likely plummet in tourism, and an exodus of call centers from Egypt.

The presentation concludes that the ministry's course of action in obeying the orders may have some positive effects in the future: "Itʼs unlikely that Egyptʼs communications ministry will ever be asked to flip that switch again."

Here's the timeline in the report (verbatim):

Tuesday, January 25:
Amn El Dawla, the State Security Intelligence Service, orders the blocking of Twitter, which was largely accomplished.

Wednesday, January 26:
The State Security Intelligence Service orders the blocking of Facebook, and DNS is blocked but this is not completely effective.

This was the second time they had tried to have Facebook blocked, but the previous attempt had been successfully countered by the communications ministry.

Arrests of people posting to the El Shaheeed and Yom Elsawra 25 January groups on Facebook begin.

Friday, January 28:
12:28am - Breakers thrown in international transport and national IXP section of Ramses exchange, 3500 prefixes and 50 Egyptian ASNs drop to 300 prefixes and 25 ASNs. All of the large ISPs are offline: TEData, Link.net, Raya Telecom (owned by Vodafone), and Nile Online and EgyNet (both owned by Etisalat).
Morning - Further ISPs offline, down to about 240 prefixes, and the intelligence service orders mobile operators to suspend voice service in some areas.

Wael Ghonim, a Google employee who was running the El Shaheeed Facebook group, is arrested.

Saturday, January 29 Morning - Mobile operators allowed to resume voice service and international SMS, but domestic SMS remains shut down and under the control of the intelligence service.

Omar Suleiman is appointed vice president after having been denied that office several years ago. Suleiman had run the Mukhabarat, the General Intelligence Service, since 1993 and Egyptʼs military intelligence service before that. Heʼs most generally recognized in the rest of the world as the coordinator of the extraordinary rendition program.

Sunday, January 30
The intelligence service begins astroturfing SMSes on Vodafoneʼs network, over Vodafoneʼs objection: "honest and loyal men: confront the traitors and criminals and protect our people and honor.”

Monday, January 31
Tarek Kamel reconfirmed as Communications Minister, while several of his cabinet colleagues are replaced with intelligence service generals.

The intelligence service continues to hunt down other ISPs, taking down Noor, whose customers include the stock exchange, major banks, the national airline, and government agencies. Only 12 ASNs and 130 prefixes remain.

Tuesday, February 1
Morning - Tarek Kamel announces that Internet service will be restored “soon.” In a separate television interview, prime minister Ahmed Shafiq is asked when and replies “within 24 hours.”
The intelligence service continues to shut down remaining ISPs, and continues astroturfing SMSes:
"Egypt’s youth: Beware rumors and listen to the voice of reason. Egypt is above all so preserve it."

Wednesday, February 2
Noon - Internet service resumed, routing converges over the course of an hour.

The intelligence service continues astroturfing SMSes:
"To each mother-father-sister-brother, to every honest citizen: Preserve this country because the
homeland stays forever.”
"A sweeping demonstration starting at noon on Wednesday from the Mustafa Mahmoud square in Mohandessin to support president Mubarak."

Thursday, February 3
OECD estimates the outage cost the Egyptian telecom sector a minimum of $90M.
Forbes ups that estimate to $110M, noting that the OECD had not included call-center revenue.
Omar Suleiman says the economic impact on the tourism industry alone is “at least $1B.”

Saturday, February 5
All SMS services restored.
Tarek Kamel calls a meeting of call-center executives to try to assess the scale of losses. Vodafone, for instance, relocated hundreds of call-center jobs from Egypt to New Zealand during the prior week.

Update: this story was updated at 1:40 PM Pacific with confirmation and information from Bill Woodcock.

A full and more updated version (pdf.) of this presentation is now available on Packet Clearing House's website.

Illustration: Screenshot from a presentation to a DHS internet committee on Egypt's January 2011 internet shutdown

See Also:- Wired.com's Coverage of the Revolt in Egypt

• Internet Down in Egypt, Tens of Thousands Protest In 'Friday of Wrath'
• Egypt Internet Restored; Cairo Protests Turn Violent
• Egypt Hacked Vodafone to Send Pro-Regime Texts
• Egypt Shut Down Its Net With a Series of Phone Calls
• Egypt Arrests 4 Facebook Activists